Risky Business Podcast
February 28, 2018
Risky Business #488 -- Stop users recycling passwords with the pwned passwords API
Presented by
CEO and Publisher
Technology Editor
On this week’s show we’ll chat with Troy Hunt of Have I Been Pwned. He’s released version two of his Pwned Passwords service and API. Basically it lets websites check whether a user’s password is one that appears in his breach dataset. Version two allows that check to happen without the site sending a complete password hash to HIBP: the client sends only the first five hex characters of the password’s SHA-1 hash, gets back every hash suffix in the dataset that shares that prefix, and does the final comparison locally.
It’s making some waves already. It’s a genuinely interesting, free service.
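The check described above, as an added example (not code from Have I Been Pwned or from the podcast): the client hashes the password with SHA-1, sends only the five-character prefix, and compares the remaining 35 characters against the returned list itself. The range response embedded here is constructed so the code runs offline; the only real value in it is the SHA-1 tail of "password", and its count is made up. The `offline_fetch` stand-in is where a real client would issue the GET to the range endpoint.

```python
"""
Client-side half of the Pwned Passwords v2 range (k-anonymity) check.

Added example, not HIBP's own code. CONSTRUCTED_RANGES below is a stand-in
for the text/plain body the range endpoint returns; the filler suffixes and
all counts are invented.
"""
import hashlib
from typing import Callable, Dict, Tuple

PREFIX_LEN = 5  # hex chars of the SHA-1 sent to the API; the other 35 stay local

# Constructed stand-in for a range response. Each line is "<35-hex suffix>:<count>".
# The third suffix is the real SHA-1 tail of "password"; everything else is made up.
CONSTRUCTED_RANGES: Dict[str, str] = {
    "5BAA6": (
        "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\r\n"
    ),
}


def split_hash(password: str) -> Tuple[str, str]:
    """SHA-1 the password and split the hex digest into (prefix sent, suffix kept)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse a range response body into {SUFFIX: count}.

    Tolerates CRLF or LF line endings, blank lines and lower-case hex.
    Malformed lines are skipped rather than failing the whole check.
    """
    results: Dict[str, int] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        suffix = suffix.upper()
        if sep != ":" or len(suffix) != 40 - PREFIX_LEN or not count.strip().isdigit():
            continue
        results[suffix] = int(count)
    return results


def offline_fetch(prefix: str) -> str:
    """Stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    Returns the constructed body for a known prefix and an empty body otherwise.
    A real client would perform the HTTP request here and return its body.
    """
    return CONSTRUCTED_RANGES.get(prefix.upper(), "")


def pwned_count(password: str, fetch: Callable[[str], str] = offline_fetch) -> int:
    """Return how many times the password appears in the corpus, 0 if never.

    Only the 5-char prefix reaches `fetch`; the suffix comparison happens here,
    so the remote side never learns which of the returned hashes (if any) was
    the one being checked.
    """
    prefix, suffix = split_hash(password)
    assert len(prefix) == PREFIX_LEN and all(c in "0123456789ABCDEF" for c in prefix)
    return parse_range(fetch(prefix)).get(suffix, 0)


def is_acceptable(password: str, fetch: Callable[[str], str] = offline_fetch) -> bool:
    """Policy helper: reject any password seen in a breach at least once."""
    return pwned_count(password, fetch) == 0


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        prefix, _ = split_hash(candidate)
        print(f"{candidate!r}: prefix sent={prefix}, seen {pwned_count(candidate)} times")
```

Note that `fetch` is passed in rather than hard-wired so the privacy property can be checked directly: whatever you substitute for it only ever sees the five-character prefix, never the password or its full hash.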
In this week’s sponsor interview we chat with Trail of Bits security engineer JP Smith about all things blockchain. Trail of Bits has gotten into blockchain work because, hey, we’ve all heard about the many, many security issues associated with things like Ethereum smart contracts, and when it comes to blockchain and Ethereum security, well, someone has to do it.
JP will talk us through some of the bug classes he sees, as well as the work Trail of Bits has done to apply its symbolic execution tool Manticore to the Ethereum Virtual Machine.
Adam Boileau, as always, is this week’s news guest.
The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.
Brought to you by Trail of Bits
We don't just fix bugs, we fix software
Show notes
Cisco's Talos Intelligence Group Blog: Who Wasn’t Responsible for Olympic Destroyer?
Winter Olympics hack shows how advanced groups can fake attribution
Russia accused of “false flag” attack on Olympic opening | Ars Technica
U.S. and U.K. blame Russia for infamous 'NotPetya' cyberattacks
US grand jury indicts 13 Russian nationals for election meddling
The Feds Can Now (Probably) Unlock Every iPhone Model In Existence
Apple Tackles Cellebrite Unlock Claims, Sort Of | Threatpost
Apple moves to store iCloud keys in China, raising human rights fears
New SEC guidance: Please don't sell your stocks if you have insider info about a breach
WhatsApp Co-Founder Brian Acton Injects $50 Million in Newly Formed Signal Foundation | WIRED
SEC.gov | SEC Charges Former Bitcoin-Denominated Exchange and Operator With Fraud
Australian 'bitcoin founder' Craig Wright accused of stealing billions of dollars worth of bitcoin
Attorney General Sessions Announces New Cybersecurity Task Force | OPA | Department of Justice
US Border Agents Didn't Verify Any e-Passports Since 2007 Because They Didn't Have the Software
In-the-wild DDoSes use new way to achieve unthinkable sizes | Ars Technica
One-stop counterfeit certificate shops for all your malware-signing needs | Ars Technica
A Hacker Has Wiped a Spyware Company’s Servers—Again - Motherboard
Hacker Returns $26 Million Worth of Ethereum Back to Hacked Company
Duo Finds SAML Vulnerabilities Affecting Multiple Implementations | Duo Security
uTorrent vulnerabilities allow information disclosure and remote code execution
People Are Blasting iOS 'Text Bombs' on Twitter to Crash iPhones - Motherboard
Troy Hunt: I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download